Peiter Zatko | 5 Lessons From Peiter Zatko, a Twitter leaker



SAN FRANCISCO (AP): Peiter Zatko, Twitter's former head of security, has made some startling new findings that have called into serious doubt the security of the platform's service, its capacity to recognize and delete false accounts, and the veracity of its representations to users, shareholders, and federal regulators.

Zatko, often known as "Mudge" among hackers, is a reputable cybersecurity expert who rose to fame in the 1990s and later held important roles at Google and the Pentagon's Defense Advanced Research Agency. Early this year, Twitter let him go from his security position due to what the firm said was "ineffective leadership and poor performance." Attorneys for Zatko assert that this is untrue.


In a whistleblower complaint that was made public on Tuesday, Zatko detailed what he called an uphill 14-month battle to improve Twitter security, increase service dependability, ward off intrusions from foreign government agents, and monitor and take action against phony "bot" accounts that spammed the site.

Many of Zatko's assertions have not been verified, and the lawsuit did not include any supporting documentation for his claims. Twitter referred to Zatko's account of the events as "a false narrative" in a statement.


THE SECURITY AND PRIVACY SYSTEMS ON TWITTER WERE GROSSLY INAPPROPRIATE


By agreeing to implement more robust data security measures, Twitter settled a Federal Trade Commission probe into its privacy practices in 2011. In contrast, according to Zatko's complaint, Twitter's issues grew worse with time.

For instance, according to the complaint, Twitter's internal systems gave too many workers access to personal data that they didn't require for their jobs, creating an environment that invited abuse. According to the complaint, Twitter for years continued to harvest user information, including phone numbers and email addresses, that was intended only for security purposes and to use it for ad targeting and marketing activities.


TWITTER'S WHOLE SERVICE COULD HAVE IRREPARABLY COLLAPSED UNDER PRESSURE


One of the most startling disclosures in Zatko's complaint is that the company's backup plans were so inadequate and Twitter's internal data infrastructure so shoddy that any large outage or unanticipated shutdown might have destroyed the entire site.

The worry was that a "cascading" data-center failure would soon spread to Twitter's vulnerable information systems. According to the complaint, "That meant that Twitter was unsure if they could get the service back up if all the centers went offline simultaneously, even for a small period. Estimates of downtime ranged from weeks of nonstop operation to total irreparable failure."


TWITTER FRAUDULENTLY DISCLAIMED FAKE "SPAM" BOTS TO REGULATORS, INVESTORS, AND MUSK


In short, Zatko's complaint asserts that Twitter management has no motivation to accurately gauge the incidence of bogus accounts on the system, which is a contention made by Tesla CEO Elon Musk, whose $44 billion attempt to acquire Twitter is scheduled for trial in October in a Delaware court.

The company's executive leadership allegedly engaged in "deliberate ignorance" of these so-called spam bots, according to the complaint. The complaint claims that senior management was unwilling to accurately assess the prevalence of bot accounts because they were worried that doing so would damage Twitter's "image and valuation."



ON JANUARY 6, 2021, TWITTER MIGHT HAVE BEEN SYMPATHETIC TO FIRED WORKERS


In his complaint, Zatko claims that he started to worry that workers sympathetic to the rioters could try to disrupt Twitter when a mob gathered in front of the U.S. Capitol on January 6, 2021, eventually storming the structure. The fact that it was "impossible" to shield the platform's key systems from a potential rogue or disgruntled engineer looking to cause havoc increased his level of worry. The complaint claims that all engineers had "some type of crucial access" to Twitter's essential functions and that "there were no logs, nobody understood where data lived or whether it was critical."


A MATTER OF PLAY FOR OTHER GOVERNMENTS


The Zatko complaint also demonstrates how difficult it is for Twitter to recognize, much less combat, the presence of foreign agents on its platform. The complaint claims that in one instance, the Indian government forced Twitter to hire particular people who were allegedly spies and who would have had extensive access to sensitive data due to Twitter's own insufficient security measures. The complaint also makes murkier claims that Twitter allegedly received funds from unnamed "Chinese entities" who might then obtain information that could put Twitter users in China in danger.

